Newsletter Q2 2023

IBM Trusteer Pinpoint

General improvements

  • Improvements to the Pinpoint architecture to reduce Pinpoint API latency, including:
    • Addition of AWS Global Accelerator
    • Better measurement and identification of bottlenecks in policy calculation
    • Optimization of the order of the policy rules that run on the Pinpoint server
  • Improvements to the session reset functionality to prevent unexpected session resets.

Detection enhancements

  • IBM Trusteer Threat Research identified a new malware variant in the Danabot family. The Pinpoint malware detection signatures were updated to generate alerts when this new variant is detected. You should expect to see an increase in malware alerts that reference the Danabot malware. If you have any questions, you can contact our Enterprise Support team by opening a case in the Customer Portal.

  • A new risk reason was added with reason ID 41: Suspicious account activity for a suspected mule account. This reason is generated for devices that access an account with attributes that indicate that it might be a mule account. This capability is based on the Trustboard capability of attack classification, which enables you to provide feedback on the fraud attack method.

    • The device associated with the classified mule account will be added to the suspicious global device ID consortium.
    • The risk level of any future devices associated with a confirmed mule account will be increased.

Monitoring

  • To provide flexibility and to expand monitoring capabilities in Pinpoint, we improved the monitoring infrastructure, which allows us to monitor per session ID or per Pinpoint API request.

IBM Trusteer Mobile SDK

New attacks (signatures)

Mobile researchers detected and released notifications for the following campaigns:

  • Predasus - “New Campaign Alert of New Malware Predasus Targets Customers in LATAM”
  • RoamingMantis - “New Campaign Alert of RoamingMantis Malware Targets Customers in Japan”

Mobile SDK supported platform and versions

  • Mobile SDK 5.2 and above are supported. Older versions have not been supported since June 2023.

    From 15 June 2023, Mobile SDK 4.9, 5.0, 5.1, and all their minor versions are no longer supported.

    From 1 September 2023, Mobile SDK 5.2, 5.3, and all their minor versions will become unsupported.

    From 23 December 2023, Mobile SDK 5.4 and all its minor versions will become unsupported.

    For more information, see Support Lifecycle.

  • Supported platforms (in supported Mobile SDK versions)

    • iOS - supports iOS 13 and later

    • Android - supports Android 8 and later

  • Supported iOS development environments: Xcode 13.3 or later (aligned with Apple)

  • Supported Android development environments: Android Studio 3.1.1 or later

Trustboard

  • As part of IBM Security Trusteer efforts to move functionality from the Trusteer Management Application (TMA) to Trustboard prior to the end of support for TMA, user management functionality is now included in Trustboard. With the user management feature, you can perform the following tasks:

    • Add and edit users
    • Limit which applications users can view
    • Remove users
    • Password management
    • Audit trail of which actions were performed

    For more information, see User Management.

  • Added the agent key as an additional field, which helps you to correlate mobile devices across your users.

  • The device blocklist feature was previously available as a beta release to a limited number of customers. In this quarter, we enabled the feature for all customers. This feature allows you to add suspicious devices to a blocklist that is unique to your Trustboard instance. When these suspicious devices appear in subsequent sessions, you can take action based on your internal organization requirements. For more information, see Managing the Blocklist.

  • Added the device marketing name as an additional field, which helps you to better identify mobile devices that access your banking app.